fcadf0a0a2c90421f3b2b67f4649eabec2d0c8d4dda9127c7621de4ae052f09d

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Program.Unwanted.3168.13308.17325.exe
Size

39.5MB
MD5

01e82baef85b5e28a5f153f13fd320b2
SHA1

3e143d4c368aa53c1cf7d30ce36401463ce8b1db
SHA256

fcadf0a0a2c90421f3b2b67f4649eabec2d0c8d4dda9127c7621de4ae052f09d
SHA512

8cf08a9cd8abbf47980dd2125835c2ed2b9363b57fc847bc826f33200bb59f50246ea3ade7dc4c2a875e6eb03638be59c2ac5d78e7236ea958b1b853ae3ec573
SSDEEP

786432:oCU1Esp3xH+2cvakaqBGlWOP0MG85oXglyO4+xI4EJtL5X1OrbciRT1coX44j:oB1EsT+2cWqBS8H8LlyO4+xI48tooiR/

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1976	SecuriteInfo.com.Program.Unwanted.3168.13308.17325.exe
1976	SecuriteInfo.com.Program.Unwanted.3168.13308.17325.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1976	SecuriteInfo.com.Program.Unwanted.3168.13308.17325.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.3168.13308.17325.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.3168.13308.17325.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy80D.tmp\ioSpecial.ini

Filesize
692B

MD5
e13e09ce85d60c3ee82819f4419ba62d

SHA1
42c484a657942211e3dd2e2cc330591d29195b07

SHA256
1b13429cd40b2eeccc6936f6fbf3abaa02e80a2c4105f9c487a671e9dfdca7a3

SHA512
1ab74936e8512084370e2ce3160f2069c1308b9f8d11e55e5347e36fba3cbfa0a1ca973c4eeb7eee1ce11fc2fa44a82cd5bdf091d9b799b6dc48c779b3e412d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy80D.tmp\ioSpecial.ini

Filesize
718B

MD5
955b6d5f0b1e4e56e851ff001f2f7595

SHA1
4e8462b46ed6e28c0e0b778a8837b523b6e606cf

SHA256
430921f299b3c165290e5abcc072d5f00ca37b86a6c36e5d90cfe56d25f9ec4f

SHA512
00c31d49b5440424562545ab64bf1f060b4e69fd7e548910dcf518979e0fc6f50c391d2e4ace9d7c2475ecc0085fd5cfb878d0f9c77378d35cb7d1b0cfc05b42

Download Submit
\Users\Admin\AppData\Local\Temp\nsy80D.tmp\InstallOptions.dll

Filesize
14KB

MD5
2a03c4a7ac5ee5e0e0a683949f70971b

SHA1
3bd9877caaea4804c0400420494ad1143179dcec

SHA256
d4f0042d8e7622b7e14395e926dd02edab3cdc77e82d88108b67a4d2cee9229b

SHA512
1942cdb522859f8dba46824786e361794a62e6201279201e1e0e2e07499fb6252933c5661782fccd77291c3650cafb2a7a08eee5431c8238f0da44840ee4c476

Download Submit
\Users\Admin\AppData\Local\Temp\nsy80D.tmp\LangDLL.dll

Filesize
5KB

MD5
ebd0da54db9f12ffd15206cc24355793

SHA1
910be3bebdde55eb1ce05915a79f01ebdc622786

SHA256
4066a0cbd9f6bb13c0f6fb064d4647ef7bc68a1be3d0caa4460b5ffd9ed1e0e6

SHA512
cee09db96267b1a30477ff074988606bdf35f9a5aa798a9a10029b11c0c347ab42a124320d777acde458828954cc8cf1a489b1673b31d589cdc4f50d4b86659d

Download Submit